Friday, 2015-10-09

« Thursday, 2015-10-08 Index Saturday, 2015-10-10 »
*** elo has quit IRC00:01
*** elo has joined #akanda00:02
*** elo has quit IRC00:07
*** swinn has joined #akanda00:25
adam_gkeystone v3 / auth sessions lookin good now https://review.openstack.org/#/c/232247/00:44
*** cleverdevil has quit IRC00:46
*** swinn has quit IRC01:19
markmcclainadam_g: sadly master again02:48
openstackgerritMerged stackforge/akanda-rug: Add driver framework  https://review.openstack.org/21522703:21
adam_goh man. so many patches need rebasing now03:54
adam_gmarkmcclain, any luck /w the port thing? im starting a fresh env now03:55
markmcclainyeah... I think the cause is me being brain dead from waking up too early03:57
adam_gmarkmcclain, as in the stuff isnt really working or PEBAC?03:58
markmcclainI'm waiting for a rebuild to finish03:58
adam_gPEBCAK rather03:59
markmcclainPEBCAK03:59
adam_gah ok. ya, that fix worked great yesterday when i applied it04:01
adam_gre: kilo, does the API support disabling port security via the port API or do we need to do something different there?04:01
markmcclainso the test case I thought should not fail should fail when things are working right04:02
markmcclainI'm going to +A04:06
* adam_g sips beer slowly and parses that04:06
openstackgerritAdam Gandelman proposed stackforge/akanda-rug: Track last_boot from nova server not instance_info creation  https://review.openstack.org/21395104:39
openstackgerritAdam Gandelman proposed stackforge/akanda-rug: Add support for hash-based RUG scale out  https://review.openstack.org/19536604:39
openstackgerritAdam Gandelman proposed stackforge/akanda-rug: Convert to using Keystone sessions for Keystone V3 support  https://review.openstack.org/23224704:40
openstackgerritAdam Gandelman proposed stackforge/akanda-rug: Convert to using Keystone sessions for Keystone V3 support  https://review.openstack.org/23224704:48
*** stanchan has joined #akanda05:05
openstackgerritAdam Gandelman proposed stackforge/akanda-rug: Properly detect backing instance is gone  https://review.openstack.org/22034505:10
openstackgerritAdam Gandelman proposed stackforge/akanda-rug: Delete VRRP and MGT ports on router delete  https://review.openstack.org/21995105:10
openstackgerritAdam Gandelman proposed stackforge/akanda-rug: Enrich functional test suite  https://review.openstack.org/21995205:11
*** ronis has joined #akanda07:10
*** ronis has quit IRC08:53
*** ronis has joined #akanda08:57
*** ronis has quit IRC09:42
*** ronis has joined #akanda10:52
*** ronis_ has joined #akanda11:38
*** ronis__ has joined #akanda11:40
*** ronis has quit IRC11:41
*** ronis_ has quit IRC11:43
*** ronis__ has quit IRC12:30
*** ronis has joined #akanda13:08
*** puranamr has joined #akanda13:22
*** puranamr has quit IRC13:41
*** ronis has quit IRC15:23
*** ronis has joined #akanda16:46
*** cleverdevil has joined #akanda16:54
*** cleverdevil has quit IRC16:54
*** cleverdevil has joined #akanda16:55
*** cleverdevil has quit IRC17:06
*** cleverdevil has joined #akanda17:07
*** cleverdevil has quit IRC17:08
openstackgerritAdam Gandelman proposed stackforge/akanda-rug: Convert to using Keystone sessions for Keystone V3 support  https://review.openstack.org/23224717:14
*** cleverdevil has joined #akanda17:16
*** cleverdevil has quit IRC17:17
ryanpetrelloso Mark and I figured out the tenant network thing17:29
ryanpetrelloit's a security group thing17:29
ryanpetrelloif you add a rule to your cirros (tenant) VM's security group17:29
ryanpetrelloe.g.,17:29
ryanpetrellohttps://ryanp.dev.newdream.net/co.py/10-09-2015-13-29-35-39c08c24-84f7-4828-9d2f-299065d4d5ac.png17:29
ryanpetrellobah, working link:17:30
ryanpetrellohttps://screens.objects.dreamhost.com/10-09-2015-13-29-35-39c08c24-84f7-4828-9d2f-299065d4d5ac.png?Signature=JlI%2Bomn4upMlY3eRUTiAV6VdQOo%3D&Expires=1444498199&AWSAccessKeyId=8Y1FmVQdlqLchxaCahBd17:30
ryanpetrelloif you do something like this, TCP starts working from router -> tenant VM17:30
ryanpetrellosame with ICMP17:30
ryanpetrellothe upstream security group default that's set up for the demo tenant has v4 and v6 ingress wide open, but restricted to the customer tenant's security group as the remote17:31
ryanpetrelloso this doesn't work since the router VM is on another tenant/security group17:31
ryanpetrelloif you change the rule to use a cidr for the private network, it works17:31
ryanpetrellothis def. seems unique to akanda given the "VM in another tenant" bit17:31
ryanpetrellomy thinking is that we should update the akanda devstack plugin to actually create a rule like this (restricted to the private cidr) in the demo tenant's security group17:32
ryanpetrelloadam_g markmcclain thoughts ^ ?17:32
ryanpetrelloperhaps in https://github.com/stackforge/akanda-rug/blob/master/devstack/plugin.sh#L303 ?17:33
*** elo has joined #akanda17:33
ryanpetrelloinstead of opening this special DHCP hole, it might make more sense to just totally open up v4 and v6 across the tenant cidr (for devstack)17:35
*** cleverdevil has joined #akanda17:49
*** cleverdevil has quit IRC17:51
*** cleverdevil has joined #akanda17:54
adam_gryanpetrello, yeah, having devstack do that seems reasonable enough. im not sure we need to do anything for the non-developer case tho17:56
ryanpetrellosure17:56
ryanpetrelloI think this really only makes sense from a development perspective17:56
adam_gyea17:56
adam_gor admin/testing17:56
ryanpetrelloand for deployers who care17:56
ryanpetrellolike us, we'd probably enable this by default for tenants in our cluster17:57
ryanpetrellorestricting to the private cidr17:57
ryanpetrelloa common thing we do when troubleshooting stuff for folks17:57
ryanpetrellois starting at the router17:57
ryanpetrelloe.g., "can I ping some tenant VM from the router"17:57
ryanpetrelloso that's sort of how we discovered this17:57
adam_gyup17:58
adam_gmarkmcclain mentioned maybe trying to get somethign into neutron upstream to allow this17:58
adam_gb/c i've found myself pinging tenant VMs from router network namespaces as a test in non-akanda worlds, too17:59
adam_g"everything is a freaking security group problem"18:00
davidlenwelllol18:00
adam_ghttps://etherpad.openstack.org/p/akanda-mitaka-planning18:01
adam_gpatches that need mergin' listed there18:01
openstackgerritAdam Gandelman proposed stackforge/akanda-neutron: Add the akloadbalancerstatus API extension  https://review.openstack.org/22537018:06
ryanpetrelloadam_g, I tinkered with this a bit18:08
ryanpetrellowith the plugin18:08
ryanpetrellohttps://github.com/ryanpetrello/akanda-rug/commit/0c18463610d9b48a049ff8b373619e10cf997cb8 seems to do it18:08
ryanpetrellohow do you feel about this as a default for devstack?18:08
*** cleverdevil has quit IRC18:10
adam_gryanpetrello, i feel good about that18:11
markmcclainyeah.. that would work18:11
ryanpetrellok, I'll open a review18:11
*** cleverdevil has joined #akanda18:11
adam_ghttp://www.losangelesduilawyer.org/wp-content/uploads/2014/08/james_brown.jpg18:11
ryanpetrellodah nah nah nah nah nah nah18:11
adam_gryanpetrello, that actually gets rid of the hard-coded 192.168.0.0 CIDR that ive been meaning to update18:11
ryanpetrello\o/18:11
markmcclainthere is one side-effect from this change18:12
markmcclainif you have two vms on teh same network in different sec groups they will always be able to communicate18:12
openstackgerritMerged stackforge/akanda-rug: Adds an LBAAS driver  https://review.openstack.org/22536918:13
markmcclainI'd have to double check, but this might cause a ripple effect and break tempest test18:13
adam_gso ryanpetrello18:24
adam_gis the fact that we just changed the instance naming in liberty from ak-$uuid to ak-router-$uuid going to blow up tooling you guys have built up around this?18:25
openstackgerritMerged stackforge/akanda-appliance: Remove unused variables  https://review.openstack.org/23057118:25
ryanpetrelloadam_g: yes :)18:29
adam_gmaybe we can make it template-able via config18:30
openstackgerritRyan Petrello proposed stackforge/akanda-rug: By default, add a secgroup rule to permit all private network traffic.  https://review.openstack.org/23321318:32
adam_gmarkmcclain, just confirmed all the lb stuff works fine with the noop logging n-lbaas driver enabled18:32
ryanpetrellothat would be really helpful :)18:32
adam_gmarkmcclain, only wart there is that the neutron resources show up /w provider=loggingnoop18:33
ryanpetrellomarkmcclain adam_g https://review.openstack.org/23321318:33
adam_gryanpetrello, +218:35
*** cleverdevil has quit IRC19:03
markmcclainryanpetrello: was thinking about AKANDA_DEFAULT_SUBNET_CIDR19:19
clettadam_g: added a pep0257 plugin to flake8, it'll help :)19:20
openstackgerritAdam Gandelman proposed stackforge/akanda-neutron: Add the akloadbalancerstatus API extension and lbaasv2 plugin  https://review.openstack.org/22537019:21
adam_gproper extension loading unlocked ^19:21
adam_gclett, cool. apologies if those dont get merged immediately, too much stuff in-flight atm and those will likely cause added conflicts19:21
* adam_g lunch19:21
clettadam_g: no problem, just learning the collaborative environment here. once i can get in the simplest change, then i can do code contributions.19:22
ryanpetrellomarkmcclain: ...and :)?19:30
markmcclainryanpetrello: you couldnt figure it out? :)19:31
ryanpetrello...huh?19:32
markmcclainryanpetrello: so there's already a cidr value mainline devstack uses: http://git.openstack.org/cgit/openstack-dev/devstack/tree/lib/neutron-legacy#n55319:33
ryanpetrellooh, I didn't know that :)19:34
ryanpetrello$FIXED_RANGE ?19:34
ryanpetrello(yea, looks that way)19:35
ryanpetrellookay, I'll do ps219:35
markmcclainyeah... I think we might be using fixed_range the wrong way19:37
ryanpetrelloin our plugin?19:39
markmcclainactually it's this hardcoded: https://review.openstack.org/#/c/232193/19:40
markmcclainoops.. wrong like19:40
markmcclainhttps://git.openstack.org/cgit/stackforge/akanda-rug/tree/devstack/plugin.sh#n18619:40
markmcclainryanpetrello: we could also start using the floating range: http://git.openstack.org/cgit/openstack-dev/devstack/tree/lib/neutron-legacy#n127619:42
*** cleverdevil has joined #akanda19:45
markmcclainryanpetrello: sorry to make more work19:47
ryanpetrelloin another commit, maybe :)?19:47
markmcclainsure... I'll propose that in a follow up19:47
ryanpetrellok20:06
ryanpetrelloI'm testing w/ FIXED_RANGE20:06
ryanpetrelloand will update the review20:06
openstackgerritMerged stackforge/akanda-rug: disable port_security for VRRP ports  https://review.openstack.org/23219320:22
*** ronis has quit IRC20:24
openstackgerritRyan Petrello proposed stackforge/akanda-rug: By default, add a secgroup rule to permit all private network traffic.  https://review.openstack.org/23321320:35
ryanpetrellomarkmcclain adam_g ^^20:35
ryanpetrellotested and it seems to work20:36
adam_gryanpetrello, cool20:58
openstackgerritAdam Gandelman proposed stackforge/akanda-rug: Properly detect backing instance is gone  https://review.openstack.org/22034521:05
openstackgerritAdam Gandelman proposed stackforge/akanda-rug: Delete VRRP and MGT ports on router delete  https://review.openstack.org/21995121:05
adam_gmarkmcclain, rebases^21:05
*** cleverdevil has quit IRC21:20
*** cleverdevil has joined #akanda21:26
openstackgerritAdam Gandelman proposed stackforge/akanda-rug: Track last_boot from nova server not instance_info creation  https://review.openstack.org/21395122:08
openstackgerritAdam Gandelman proposed stackforge/akanda-rug: Add support for hash-based RUG scale out  https://review.openstack.org/19536622:08
adam_gdavidlenwell, ^22:08
openstackgerritAdam Gandelman proposed stackforge/akanda-rug: Adds missing resource CLI file  https://review.openstack.org/23329322:20
adam_gmarkmcclain, davidlenwell ^ looks like i forgot to 'git add' in one of the previous patches22:21
*** elo has quit IRC22:38
*** elo has joined #akanda22:38
*** elo is now known as help23:11
*** help is now known as Guest7815523:11
*** Guest78155 has quit IRC23:22
*** elo has joined #akanda23:23
« Thursday, 2015-10-08 Index Saturday, 2015-10-10 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!